Company

News

Investors

Your Information is Safe and Available

Data Protection meets high-scale systems

Our products and services are transforming the sales and marketing industries with the Inbound revolution, but the backbone of our success is providing a safe and trustworthy place for marketing and sales data. Protecting your data is our obsession.

Resilience & Availability

Will HubSpot's software be available?

Yes! HubSpot’s availability is consistently above 99.99%. Customer data is 100% backed up to multiple online replicas with additional snapshots and other backups.

What if something isn't working as expected?

Your site, marketing campaigns, and sales activities are as critical to us as they are to you. If there’s ever a customer-impacting situation, we will make you aware of it on our Status site and keep you continually updated.

Does HubSpot monitor its systems and software?

Does the HubSpot software contain system redundancy?

Yes! Every part of the HubSpot products is distributed across at least 3 data center availability zones. Databases, application servers, web servers, jobs servers, and load balancers as well as backend support services all have multiple failover instances to prevent outage from single points of failure.

Application Security

Does HubSpot encrypt data in transit?

Yes! Sessions between you and your portal are always protected with top end in-transit encryption, advanced TLS (1.0, 1.1, and 1.2) protocols, and 2,048-bit keys.

Can I use SSL (TLS) on my HubSpot-hosted sites?

Yes! You have the option of enabling TLS for your website. Please see our How to set up SSL page for more detail.

Is my website or data protected by a Web Application Firewall and network firewall?

Yes! HubSpot prevents attacks with sophisticated monitoring and protections including a high-grade web application firewall and tightly controlled network-level firewalling. In addition, HubSpot’s Distributed Denial of Service (DDoS) prevention defenses protect your site and access to your products from attacks.

Does HubSpot incorporate security into its software development lifecycle (SDLC)?

Yes! HubSpot code is high quality from conception to deploy. We use automated static code analysis alongside human review to ensure development best practices are implemented across our thousands of daily code pushes. Responsive software development means new features, resiliency improvements, and bug fixes arrive hundreds of times a day, seamlessly.

Does the HubSpot infrastructure detect and prevent attacks?

Does HubSpot rapidly patch and update when vulnerabilities are identified?

Yes! HubSpot’s patch management process pushes security updates fast and consistently. In most situations, patching is handled by deploying new server instances with the most up to date patches and de-provisioning out of date servers.

Does HubSpot have an incident response program?

Yes! HubSpot's incident response program is responsive and repeatable. Incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

Audits, Vulnerability Assessment & Penetration Testing

Does HubSpot have a repeatable process for discovering and quickly correcting security bugs?

Yes! We test for potential vulnerabilities continuously in all layers of the technology stack. Dynamic application scans, static code analysis, and infrastructure vulnerability scans are run every day, all day. Our Security team hammers our products day-in and day-out to detect and quickly respond to flaws.

Does HubSpot bring in outside third parties to find security issues?

Yes! We bring in industry-respected 3rd party penetration testing firms 4 times a year to test the HubSpot products and corporate infrastructure. We also have rigorous internal and external audit processes to ensure that processes are implemented and working as intended.

Can I get involved in security testing the HubSpot products?

Yes! In addition to our internal processes, HubSpot crowd-sources vulnerability assessment with our bug bounty program. Rewards are available for helping us spot potential flaws. Are you interested? Check out our bounty program.